Overview
- The Personal Information Protection Commission outlined stronger fines for companies hit by repeated leaks from the same cause, with punitive fines under long-term consideration.
- Proposed legal changes would state that a company’s chief executive bears final responsibility for protecting personal information.
- Firms that exceed requirements could receive reduced penalties, including for encrypting optional data or deploying fraud detection, with incentives tied to dedicated staffing or a 10 percent IT budget for protection at large handlers.
- The regulator plans expanded monitoring of leaked data, including activity on the dark web, and will consult stakeholders on the fine framework through next year.
- Heightened enforcement continues, with a record 134.8 billion won penalty against SK Telecom over a breach affecting 23 million users and separate fines on Moncler Korea after a 230,000-customer leak.